Jan. 19 (UPI) — T-Mobile said hackers obtained the personal data of some 37 million customers and it has begun to contact those whose information may have been stolen.
The data theft was announced Thursday in a filing by T-Mobile to the U.S. Securities and Exchange Commission that said it believes the breach started on Nov. 25, and was conducted through the use of an application programming interface, which allows different applications to communicate with one another.
Customer names, billing addresses, phone numbers, emails, birthdays and certain T-Mobile account information may have been stolen in the breach, T-Mobile said, adding that no payment card or financial account information, social security numbers, driver’s license or other government ID numbers or passwords were exposed.
“While no information was obtained for impacted customers that would compromise the safety of customer accounts or finances, we want to be transparent with our customers and ensure they are aware,” T-Mobile said in a statement.
“We understand that an incident like this has an impact on our customers and regret that this occurred.”
In the filing, T-Mobile said it found the breach on Jan. 5 and launched an investigation that within a day traced the source of the malicious activity and ended it.
“Our investigation is still ongoing, but the malicious activity appears to be fully contained at this time,” it said, “and there is currently no evidence that the bad actor was able to breach or compromise our systems or our network.”
The breach is the second to impact the company in as many years, with hackers in August of 2021 stealing information on 76.6 million of its current and potential users, including their Social Security numbers.
In July, the company agreed to pay $350 million to settle a class-action lawsuit concerning the breach.